Whoever coined the term that “bad things come in three’s” probably didn’t have security breaches in mind, but it holds true nonetheless. In regards to data breaches and any type of security threat, those three things can be narrowed down to people, activities, and applications.
Threat of People
Users can be targeted by attacks, make mistakes, or even turn malicious, which makes them the weakest link in the security chain. The first step in addressing this risk is to understand the various types of users within your organization and their risk profiles. Organizations should consider three different categories of people: contractors, IT users, and everyday business users. Many of the high-profile breaches of the past year (think Home Depot, Target, etc.) were due to contractors’ login credentials being stolen. The crippling cyber-attack at Sony has been traced to the stolen credentials of a systems administrator. Most recently, a 30-year-old rookie financial adviser (business user) at Morgan Stanley stole data on the bank’s wealthiest clients. These are just a few examples of each type of user category that has been part of a recent breach.
Threat of Activity
Top activities that put your organization at risk: usage of personal cloud applications, uneducated responses to phishing, configuration changes, and remote access. Employees are opening the door for hackers to enter company infrastructure without knowing it. Something as simple and unintentional as using personal cloud applications (email, file sharing, screen capturing) for productivity purposes or clicking a link in a phishing email can grant outsiders access to your secure network. Once inside the network, hackers can perform activities to get complete access to the information for which they are looking (Sudo, account creation and permission changes). It is extremely difficult to identify unauthorized activity with varying permission levels and the number of admin-related tasks performed on a daily basis (remote access to new systems or leap frogging to different machines). When organizations fail to notice abnormal activity in context of user categories and other actions, it gives hackers and malicious users time to get valuable data or do real damage.
Threat of Applications
The large majority of users’ access data through everyday applications, such as wealth management or portfolio management, to do their jobs, but their actions are hidden in the large volume of data generated through normal user activities. Companies across a variety of industries rely on business applications that can access their data, such as call center applications, financial systems, EMR/EHR, POS, eCommerce, Billing, Claims processing, portfolio management, CRM, Patient administration, but these applications aren’t as monitored or secured as their data storage infrastructures. Once users login to these critical applications, many organizations have no idea what they are doing. This is making everyday enterprise applications the weak link in today’s computer networks.
Free Cyber Security Training! Join the revolution, today!
Each of these toxic combinations of people, activities and applications has one thing in common; they introduce substantial unaddressed user-based risk. Security-conscious organizations must monitor user accounts to reduce the impact of this type of user-based risk. Regardless of your monitoring needs, user activity monitoring significantly enhances your security program and allows security teams to mitigate user-based risks in a manner that preserves user privacy.
By Matt Zanderigo, Product Marketing Manager, ObserveIT
Bio: Matt is currently the Product Marketing Manager for ObserveIT’s User Activity Monitoring solution. In this role, he leads the product marketing efforts, solution messaging and the company’s freemium strategy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.